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Abstract. We develop a behavioral theory for the untyped call-by-value 
A-calculus extended with the delimited-control operators shift and reset. 
For this calculus, we discuss the possible observable behaviors and we de- 
fine an applicative bisimilarity that characterizes contextual equivalence. 
We then compare the applicative bisimilarity and the CPS equivalence, 
a relation on terms often used in studies of control operators. In the pro- 
cess, we illustrate how bisimilarity can be used to prove equivalence of 
terms with delimited-control effects. 



1 Introduction 

Morris-style contextual equivalence [2D] is usually regarded as the most natural 
behavioral equivalence for functional languages based on A-calculi. Roughly, two 
terms are equivalent if we can exchange one for the other in a bigger program 
without affecting its behavior (i.e., whether it terminates or not). The quantifica- 
tion over program contexts makes contextual equivalence hard to use in practice 
and, therefore, it is common to look for more effective characterizations of this 
relation. One approach is to rely on coinduction, by searching for an appropriate 
notion of bisimulation. The bisimulation has to be defined in such a way that its 
resulting behavioral equivalence, called bisimilarity, is sound and complete with 
respect to contextual equivalence (i.e., it is included and contains contextual 
equivalence, respectively). 

The problem of finding a sound and complete bisimilarity in the A-calculus 
has been well studied and usually leads to the definition of an applicative bisim- 
ilarity |llllllOj (or, more recently, environmental bisimilarity [22] )■ The situa- 
tion is more complex in A-calculi extended with control operators for first-class 
continuations — so far, only a few works have been conducted on the behavioral 
theory of such calculi. A first step can be found for the A/x-calculus (a calculus 
that mimics abortive control operators such as call/cc \21\ ) in [3] and [5], where 
it is proved that the definition of contextual equivalence can be slightly simpli- 
fied by quantifying over evaluation contexts only; such a result is usually called a 
context lemma. In [24' , St0vring and Lassen define an eager normal form bisim- 
ilarity (based on the notion of Levy-Longo tree equivalence) |14I15I16] which 
is sound for the A/i-calculus, and which becomes sound and complete when a 



The author is supported by the Alain Bensoussan Fellowship Programme. 



1 



notion of state is added to the A/i-calculus. In [TS], Merro and Biasi define an 
applicative bisimilarity which characterizes contextual equivalence in the CPS 
calculus , a minimal calculus which models the control features of functional 
languages with imperative jumps. As for the A-calculus extended with control 
only, however, no sound and complete bisimilarities have been defined. 

In this article, we present a sound and complete applicative bisimilarity for a 
A-calculus extended with Danvy and Filinski's static delimited-control operators 
shift and reset [7]. In contrast to abortive control operators, delimited-control 
operators allow to delimit access to the current continuation and to compose 
continuations. The operators shift and reset were introduced as a direct-style 
realization of the traditional success/failure continuation model of backtracking 
otherwise expressible only in continuation-passing style. The numerous theoret- 
ical and practical applications of shift and reset (see, e.g., [5] for an extensive 
list) include the seminal result by Filinski showing that a programming language 
endowed with shift and reset is monadically complete 13]. 

The A-calculi with static delimited-control operators have been an active 
research topic from the semantics as well as type- and proof-theoretic point of 
view (see, e.g., |5I4I2| ). However, to our knowledge, no work has been carried out 
on the behavioral theory of such A-calculi. In order to fill this void, we present a 
study of the behavioral theory of an untyped, call-by-value A-calculus extended 
with shift and reset ,7;, called A5. In Section [2l we give the syntax and reduction 
semantics of A5, and discuss the possible observable behaviors for the calculus. 
In Section [3l we define an applicative bisimilarity, based on a labelled transition 
semantics, and prove it characterizes contextual equivalence, using an adaptation 
of Howe's congruence proof method [llj. As a byproduct, we also prove a con- 
text lemma for A5. In Section |4l we study the relationship between applicative 
bisimilarity and an equivalence based on translation into continuation-passing 
style (CPS), a relation often used in works on control operators and CPS. In the 
process, we show how applicative bisimilarity can be used to prove equivalence 
of terms. Section [5] concludes the article and gives ideas for future work. The 
appendices contain the proofs missing from the body of the article. 

2 The Language A5 

In this section, we present the syntax, reduction semantics, and contextual equiv- 
alence of the language A5 used throughout this article. 

2.1 Syntax 

The language As extends the call-by-value A-calculus with the delimited-control 
operators shift and reset [7]. We assume we have a set of term variables, ranged 
over by x and k. We use two metavariables to distinguish term variables bound 
with a A-abstraction from variables bound with a shift; we believe such distinc- 
tion helps to understand examples and reduction rules. The syntax of terms and 
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values is given by the following grammars: 

Terms: i ::= x | Xx.t \ tt \ Sk.t \ (t) 
Values: v ::— Xx.t 

The operator shift (Sk.t) is a capture operator, the extent of which is determined 
by the delimiter reset ((•)). A A-abstraction Xx.t binds x int and a shift construct 
Sk.t binds k in t; terms are equated up to a-conversion of their bound variables. 
The set of free variables of t is written fv(i); a term is closed if it does not contain 
any free variable. Because we work mostly with closed terms, we consider only 
A- abstractions as values. 

We distinguish several kinds of contexts, defined below, which all can be seen 
as terms with a hole. 

Pure evaluation contexts: E ::— D \ v E \ E t 

Evaluation contexts: F ::== □ | F | F i | (F) 

Contexts: C ::= □ | Xx.C \tC\ Ct \ Sk.C \ (C) 

Regular contexts are ranged over by C . The pure evaluation contextsQ (abbrevi- 
ated as pure contexts), ranged over by F, represent delimited continuations and 
can be captured by the shift operator. The call-by-value evaluation contexts, 
ranged over by F, represent arbitrary continuations and encode the chosen re- 
duction strategy. Following the correspondence between evaluation contexts of 
the reduction semantics and control stacks of the abstract machine for shift and 
reset, established by Biernacka et al. [5], we interpret contexts inside-out, i.e., □ 
stands for the empty context, v E represents the "term with a hole" E[v []], E t 
represents F[[] t], (F) represents F[([])], etc. (This choice does not affect the 
results presented in this article in any way.) Filling a context C (respectively E, 
F) with a term t produces a term, written C[t] (respectively F[t], F[t]); the free 
variables of t can be captured in the process. A context is closed if it contains 
only closed terms. 

2.2 Reduction Semantics 

Let us first briefly describe the intuitive semantics of shift and reset by means of 
an example written in SML using Filinski's implementation of shift and reset [S]. 

Example 1. The following function copies a list [B] (the SML expression shift 
(fn k => t) corresponds to iS/c.i and reset (fn () => t) corresponds to (i)): 

fun copy xs = 

let fun visit nil = nil 

I visit (x::xs) = visit (shift (fn k => x : : (k xs))) 
in reset (fn () => visit xs) end 

This program illustrates the main ideas of programming with shift and reset: 

^ This terminology comes from Kameyama (e.g., in [12]). 
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— Reset delimits continuations. Control effects are local to copy. 

— Shift captures delimited continuations. Each, but last, recursive call to visit 
abstracts the continuation fn v => reset (fn () => visit v) and binds 
it to k. 

— Captured continuations arc statically composed. When applied in the expres- 
sion k xs, the captured continuation becomes the current delimited contin- 
uation that is isolated from the rest of the program by a control delimiter — 
witness the reset expression in the captured continuation. 

Formally, the call-by- value reduction semantics of Xs is defined by the fol- 
lowing rules, where t{v/x} is the usual capture-avoiding substitution of v for x 
in t: 

iP^) F[{Xx.t) v] F[t{v/x}] 

{shift) F[{E[Sk.t\)] ^-v F[{t{Xx.{E[x])/k})] with x ^ f\/{E) 
(reset) F[{v)] -^^ F[v] 

The term (Xx.t) v is the usual call-by- value redex for /3- reduction (rule {(3^)). 
The operator Sk.t captures its surrounding context E up to the dynamically 
nearest enclosing reset, and substitutes Xx.{E[x]) for k in t (rule (shift)). If a 
reset is enclosing a value, then it has no purpose as a delimiter for a potential 
capture, and it can be safely removed (rule (reset)). All these reductions may 
occur within a metalevel context F. The chosen call- by- value evaluation strategy 
is encoded in the grammar of the evaluation contexts. 

Example 2. Let i = Xx.x and uj = Xx.xx. We present the sequence of reductions 
initiated by (((Ski.i (ki i)) Sk2.uj) (ujio)). The term Ski.i (kii) is within the 
pure context i? = (□ (ww)) Sk^.oJ (remember that we represent contexts inside- 
out), enclosed in a delimiter (•), so E is captured according to rule (shift). 

{((Ski.i (ki i)) Sk2.Lu) (to u))) — >v (* ((Xx.{(x Sk2.Lo) (uj uj))) i)) 

The role of reset in Xx.{E[x]) becomes clearer after reduction of the (/3u)-redex 
(Xx.{E[x])) i. 

{i ((Xx.{(x Sk2.u)) (uj uj))) i)) — >v (* ((« Sk2.uj) (uj uj))) 

When the captured context E is reactivated, it is not merged with the context 
i □, but composed thanks to the reset enclosing E. As a result, the capture 
triggered by Sk2-uj leaves the term i outside the first enclosing reset untouched. 

{i {(i Sk^.uj) {uj uj))) {i (uj)) 

Because k2 does not occur in uj, the context i (□ (uj uj)) is discarded when 
captured by Sk2.uj. Finally, we remove the useless delimiter (i (uj)) — >-v (iuj) 
with rule (reset), and we then (/3„)-reducc and remove the last delimiter (i uj) — >v 
(uj) — >v uj. Note that, while the reduction strategy is call-by-value, some function 
arguments are not evaluated, like the non-terminating term cjcj in this example. 
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There exist terms which are not values and which cannot be reduced any 
further; these are called stuck terms. 

Definition 1. A closed term t is stuck ift is not a value and t 

For example, the term E[Sk.t\ is stuck because there is no enclosing reset; the 
capture of E by the shift operator cannot be triggered. In fact, closed stuck 
terms are easy to characterize. 

Lemma 1. A closed term t is stuck iff t — E[Sk.t'] for some E, k, and t' . 

We call redexes (ranged over by r) the terms of the form (Xx.t) v, {E[Sk.t\), and 
{v). Thanks to the following unique-decomposition property, the reduction — >-v 
is deterministic. 

Lemma 2. For all closed terms t, either t is a value, or it is a stuck term, or 
there exist a unique redex r and a unique context F such that t = F[r]. 

Given a relation TZ on terms, we write TZ* for the transitive and reflexive 
closure of TZ. We define the evaluation relation of \s as follows. 

Definition 2. We write t J|v t' if t — >* t' and t' 

The result of the evaluation of a closed term, if it exists, is either a value or a 
stuck term. If a term t admits an infinite reduction sequence, we say it diverges, 
written t f|~v In the rest of the article, we use extensively Q = [Xx.x x) {Xx.x x) 
as an example of such a term. 

2.3 Contextual Equivalence 

In this section, we discuss the possible definitions of a Morris-style contextual 
equivalence for the calculus A5. As usual, the idea is to express that two terms 
are equivalent iff they cannot be distinguished when put in an arbitrary context. 
The question is then what kind of behavior we want to observe. As in the regular 
A-calculus we could observe only termination (i.e., does a term reduce to a value 
or not), leading to the following relation. 

Definition 3. Let to, ti be closed terms. We write to ti if for all closed C , 
Cf^o] -ll-v Wo implies C[ti\ J|v vi, and conversely for C[ti\. 

This definition docs not mention stuck terms; as a result, they can be equated 
with diverging terms. For example, let Iq = {Sk.k Xx.x) f2, ti = J7, and C be 
a closed context. If C[to] JJ-v wq, then we can prove that for all closed t, there 
exists V such that C[t] J|v v (roughly, because t is never evaluated; see Lemma [8] 
in Appendix |A| . In particular, we have C[ti] JJ-v vi. Hence, we have ~c ^i- 
A more fine-grained analysis is possible, by observing stuck terms. 

Definition 4. Let to, ti be closed terms. We write tg ti if for all closed C, 

- C[to] J|v vo implies C[ti] J|v fi; 

— C[to] Jj-v t'o, where t'g is stuck, implies C[ti] J|v t'l, with t'l stuck as well; 
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and conversely for C[ti]. 

The relation distinguishes the terms to and ti defined above. We beheve «^ 
is more interesting because it gives more information on the behavior of terms; 
consequently, we use it as the contextual equivalence for A5. Henceforth, we 
simply write ~c for w^. 

The relation f^c, like the other equivalences on terms defined in this article, 
can be extended to open terms in the following way. 

Definition 5. Let TZ be a relation on closed terms. The open extension ofTZ, 
written TZ° , is defined on open terms as: we write to 1^° ti if for every substitution 
a which closes to and ti, tocr TZ ticr holds. 

Remark 1. Contextual equivalence can be defined directly on open terms by 
requiring that the context C binds the free variables of the related terms. The 
resulting relation would be equal to «c° [TO] . 

3 Bisimilarity for 

In this section, we define an applicative bisimilarity and prove it equal to con- 
textual equivalence. 

3.1 Labelled Transition System 

To define the bisimilarity for A5 , we propose a labelled transition system (LTS) , 
where the possible interactions of a term with its environment are encoded in the 
labels. Figure [T] defines a LTS to ^ ti with three kinds of transitions. An internal 
action t —¥ t' is an evolution from t to t' without any help from the surrounding 
context; it corresponds to a reduction step from t to t' . The transition vo t 
expresses the fact that vo needs to be applied to another value vi to evolve, 
reducing to t. Finally, the transition t ^ t' means that t is stuck, and when t is 
put in a context E enclosed in a reset, the capture can be triggered, the result 
of which being t' . 

Most rules for internal actions (Fig. [T]) are straightforward; the rules ((3v) 
and (reset) mimic the corresponding reduction rules, and the compositional rules 
(right^), (leftr), and ((•}t) allow internal actions to happen within any evaluation 
context. The rule {{■)s) for context capture is explained later. Rule (val) defines 
the only possible transition for values. Note that while both rules ((3v) and (val) 
encode /3-reduction, they are quite different in nature; in the former, the term 
{Xx.t) V can evolve by itself, without any help from the surrounding context, 
while the latter expresses the possibility for Xx.t to evolve only if a value v is 
provided by the environment. 

The rules for context capture are built following the principles of comple- 
mentary semantics developed in [TT] . The label of the transition t ^ t' contains 
what the environment needs to provide (a context E, but also an enclosing reset, 

left implicit) for the stuck term t to reduce to t' . Hence, the transition t ^ t' 
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to — > t'o 



(|3„) — (reset) ^ ; (left^ 

(Xx.t) V — > t{v/x} (v) — > U to tl — 7- to ti 



vt^vt {t) {t) {t) t Xx.t — >• t{v/x\ 

X i fv(S) to ^t'o t^t' 

^ ^ ' (shift) ^ (lefts) ^(rights) 



Sk.t ^ {t{Xx.{E\x\)/k}) toti^t'o vt-^t 



Fig. 1: Labelled Transition System 



means that we have {E[t]) t' by context capture. For example, in the rule 
(shift), the result of the capture of E by Sk.t is {t{Xx.{E[x])/k}). 

In rule (left^), we want to know the result of the capture of E by the term 
to ti, assuming to contains an operator shift. Under this hypothesis, the capture 
of E by to ti comes from the capture of E ti by to- Therefore, as premise of the 
rule (left^), we check that to is able to capture E ti, and the result t'^ of this 
transition is exactly the result we want for the capture of i? by <o ^i- The rule 
(right5) follows the same pattern. Finally, a stuck term t enclosed in a reset is 
able to perform an internal action (rule {{■)s))', we obtain the result t' of the 
transition {t) t' by letting t capture the empty context, i.e., by considering 
the transition t ^ t'. 

Example 3. With the same notations as in Example [2 we illustrate how the LTS 
handles capture by considering the transition from {{i Sk.uj) {uj uj)). 



ok.U! !► (a;) 

5^ (lefts) 

(iSk.uj) (tu uj) — > (io) 

/ ((•)s) 

{{iSk.uj) {oJ uj)) — > (w) 

Reading the tree from bottom to top, we see that the rules {{■)s), (lefts), and 
(right^) build the captured context in the label by deconstructing the initial term. 
Indeed, the rule {{■)s) removes the outermost reset, and initiates the context in 
the label with □. The rules (lefts) and (right^) then successively remove the 
outermost application and store it in the context. The process continues until 
a shift operator is found; then we know the captured context is completed, and 
the rule (shift) computes the result of the capture. This result is then simply 
propagated from top to bottom by the other rules. 

The LTS corresponds to the reduction semantics and exhibits the observable 
terms (values and stuck terms) of the language in the following way. 
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Lemma 3. The following hold: 

— We have ^ = — >-v. 

— If t — > t' , then t is a stuck term, and {E[t]} ^ t' . 

— If t t' , then t is a value, and tv^t'. 

3.2 Applicative Bisimilarity 

We now define the notion of applicative bisimilarity for A5. We write =^> for the 
reflexive and transitive closure of We define the weak delajH transition ^ as 
if a = r and as =>— > otherwise. The definition of the (weak delay) bisimilarity 
is then straightforward. 

Definition 6. A relation TZ on closed terms is an applicative simulation if to TZ 
ti implies that for all to — > tg, there exists t'l such that ti => t'l and t'^ TZ t'l. 

A relation TZ on closed terms is an applicative bisimulation ifTZ and TZ~^ are 
simulations. Applicative bisimilarity w is the largest applicative bisimulation. 

In words, two terms are equivalent if any transition from one is matched by a 
weak transition with the same label from the other. As in the A-calculus |1I10| . 
it is not mandatory to test the internal steps when proving that two terms are 
bisimilar, because of the following result. 

Lemma 4. If t ^ t' (respectively t JJ-v t' ) then t w t' . 

Lemma m holds because {{t,t') , t ^ t'} is an applicative bisimulation. Conse- 
quently, applicative bisimulation can be defined in terms of big-step transitions 
as follows. 

Definition 7. A relation TZ on closed terms is a big-step applicative simulation 
if to TZ ti implies that for all to with a ^ t, there exists t'l such that ti t'^ 

and tQ TZ t[ . 

A relation TZ on closed terms is a big-step applicative bisimulation if TZ and 
TZ~^ are big-step applicative simulations. Big-step applicative bisimilarity w is 
the largest big-step applicative bisimulation. 

Henceforth, we drop the adjective "applicative" and refer to the two kinds of 
relations simply as "bisimulation" and "big-step bisimulation" . 

Lemma 5. We have » = 

The proof is by showing that w is a big step bisimulation, and that « is a 
bisimulation (using a variant of Lemma U involving w). As a result, if 72. is a 
big-step bisimulation, then TZ'Z^CRi. We work with both styles (small-step 
and big-step), depending on which one is easier to use in a given proof. 

Example 4- Assuming we add lists and recursion to the calculus, we informally 
prove that the function copy defined in Example [T] is bisimilar to its effect-free 
variant, defined below. 

^ where internal steps are allowed before, but not after a visible action 
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fun copy2 nil = nil 

I copy2 (x: :xs) = x::(copy2 xs) 

To this end, we define the relations (where we let I range over lists, and e over 
their elements) 

"Til = {((ei :: (e2 :: . . . (e„ :: (visit /)))), ei :: (e2 :: . . . e„ :: (copy2 I)))} 
= {((ei :: (e2 :: . . . (e„ :: (0))), ei :: (e2 :: . . . e„ :: I))} 

and we prove that TZi U TZ2 U{(/, /)} is a bisimulation. First, let to T^i ^i- If ' is 
empty, then both visit / and copy2 I reduce to the empty list, and we obtain 
two terms related by 1^2- Otherwise, we have I = e„+i :: /', (visit I) reduces to 
(e„+i :: (visit I')), copy2 I reduces to e„+i :: (copy2 /'), and therefore to and 
ti reduce to terms that are still in TZi. Now, consider to T^2 ti; the transition 
from to removes the delimiter surrounding giving a term related by 7^2 to ti if 
there are still some delimiters left, or equal to ti if all the delimiters are removed. 
Finally, two identical lists are clearly bisimilar. 

3.3 Soundness 

To prove soundness of w w.r.t. contextual equivalence, we show that w is a con- 
gruence using Howe 's method, a well-known congruence proof method initially 
developed for the A-calculus [llllOI . We briefly sketch the method and explain 
how we apply it to ~; the complete proof can be found in Appendix IB. 21 

The idea of the method is as follows: first, prove some basic properties of 
Howe's closure «*, a relation which contains « and is a congruence by con- 
struction. Then, prove a simulation-like property for «*. From this result, prove 
that and « coincide on closed terms. Because w* is a congruence, it shows 
that « is a congruence as well. The definition of relies on the notion of com- 
patible refinement] given a relation TZ on open terms, the compatible refinement 
TZ relates two terms iff they have the same outermost operator and their im- 
mediate subterms are related by TZ. Formally, it is inductively defined by the 
following rules. 

to TZ ti to TZ t\ tg TZ t'^ to TZ t\ to TZ t\ 

X TZ X Xx.toTZXx.ti t{)t'oTZtit'i Sk.taTZSk.ti {to) TZ {ti) 

Howe's closure is inductively defined as the smallest congruence containing 
w° and closed under right composition with 

Definition 8. Howe's closure ~* is the smallest relation satisfying: 

to ~° ti to ti to ~* ti 

to ~* ti to ti to ti 

By construction, is a congruence (by the third rule of the definition), and 
composing on the right with k,° gives some transitivity properties to ~*. In 
particular, it helps in proving the following classical results (see [10] for the 
proofs). 
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Lemma 6 (Basic properties of «'). The following hold: 

— For all to, ti, vq, and vi, to ~* ti and vq ~' wi implies to{vo/x} ~* 
ti{vi/x}. 

— The relation (~*)* is symmetric. 

The first item states that is substitutive. This property helps in estabUshing 
the simulation-Uke property of (second step of the method). Let (w*)'^ be 
the restriction of to closed terms. We cannot prove directly that (w*)'^ is 
a bisimulation, so we prove a stronger result instead. We extend to labels, 
by defining E E' as the smallest congruence extending with the relation 
□ □, and by adding the relation r r. 

Lemma 7 (Simulation-like property). If to (w*)"^ ti and to ^ tQ, then for 
all a (pa*)"^ a' , there exists t[ such that ti ^ t[ and t'^ [f^'Y t'^. 

Using Lemma [7] and the fact that ((w*)"^)* is symmetric (by the second item 

of Lemma [6]), we can prove that {{~'Y)* is a bisimulation. Therefore, we have 

((«*)°)* C «, and because « C {k'Y C ((sa*)*^)* holds by construction, we can 

deduce w = (w*)^. Because {k,*Y is a congruence, we have the following result. 

Theorem 1. The relation k, is a congruence. 

As a corollary, « is sound w.r.t. contextual equivalence. 

Theorem 2. We have k,<Zk,^. 

3.4 Completeness and Context Lemma 

In this section, we prove that w is complete w.r.t. k,^. To this end, we use 
an auxiliary relation «c, defined below, which refines contextual equivalence 
by testing terms with evaluation contexts only. While proving completeness, 
we also prove = ~c, which means that testing with evaluation contexts is as 
discriminative as testing with any contexts. Such a simplification result is similar 
to Milner's context lemma [E]. 

Definition 9. Let to, ti be closed terms. We write to ~c ti if for all closed F , 

— F[to] J|v vo implies F[ti\ J|v vi; 

— F[to] J|v where t'^ is stuck, implies F[ti\ J|v t'l, with t[ stuck as well; 
and conversely for F[ti]. 

Clearly we have ^ ~c by definition. The relation w is complete w.r.t. w^,. 
Theorem 3. We have m^C^. 

The proof of Theorem [3] is the same as in A-calculus [TU] ; we prove that Wc is a 
big-step bisimulation, using Lemmas [31 SI and Theorem [21 The complete proof 
can be found in Appendix IB. 31 We can now prove that all the relations defined 
so far coincide. 

Theorem 4. We have = ~c = ~- 

Indeed, we have C w (Theorem [3]) , w C Rd^ (Theorem [2]), and pa^, C pa^, (by 
definition) . 
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x — 


\k1k2.k1 X k2 


Xx.t = 


\k\k2.k\ [XxT) k2 


to tl = 


\k1k2.to {Xxok'2.ti {\x1k2.xo Xi ki ^2) k'2) k2 


w= 


\k1k2.t 9 {Xx.ki X ^2) 


Sk.t = 


Xkik2.t{{Xxik'ik'2.ki xi {Xx2-k'i X2 ^2))/^} ^ ^2 


with 9 = 


Xxk2.k2 x 



Fig. 2: CPS translation 



4 Relation to CPS Equivalence 

In this section we study the relationship between our bisimilarity (and thus 
contextual equivalence) and an equivalence relation based on translating terms 
with shift and reset into continuation-passing style (CPS). Such an equivalence 
has been characterized in terms of direct-style equations by Kameyama and 
Hasegawa who developed an axiomatization of shift and reset [12]. We show 
that all but one of their axioms are validated by the bisimilarity of this article, 
which also provides several examples of use of the bisimilarity. We also pinpoint 
where the two relations differ. 

4.1 Axiomatization of Delimited Continuations 

The operators shift and reset have been originally defined by a translation into 
continuation-passing style 7 that we present in Fig. [51 Translated terms ex- 
pect two continuations: the delimited continuation representing the rest of the 
computation up to the dynamically nearest enclosing delimiter and the meta- 
continuation representing the rest of the computation beyond this delimiter. 

It is natural to relate any other theory of shift and reset to their definitional 
CPS translation. For example, the reduction rules t — >v t' given in Section [2?2l 
are sound w.r.t. the CPS because CPS translating t and t' yields /Jry-convertible 
terms in the A-calculus. More generally, the CPS translation for shift and reset 
induces the following notion of equivalence on terms: 

Definition 10. Terms t andt' are CPS equivalent if their CPS translations are 
Prj-convertible. 

In order to relate the bisimilarity of this article and the CPS equivalence, 
we use Kameyama and Hasegawa's axioms [12], which characterize the CPS 
equivalence in a sound and complete way: two terms are CPS equivalent iff 
one can derive their equality using the equations of Fig. |3j Kameyama and 
Hasegawa's axioms relate not only closed, but arbitrary terms and they assume 
variables as values. 

4.2 Kameyama and Hasegawa's Axioms through Bisimilarity 

We show that closed terms related by all the axioms except for S elim are 
bisimilar. In the following, we write I for the bisimulation {(t,i)}. 
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(Xx.t) V 


= t{v/x} 13, 


{\x.E[x]) t 


= if a; ^ fv(£') 


/3n 


{E[Sk.t]} 


= {t{Xx.{E[x]}/k}) (■> S 


{{Xx.to) 


= (\x.{to)) (ti) 


(■) lift 


{v) 


= V (■) val 


5fe.(t) 


= 5A;.t 


5 (■) 


Xx.v X 


= V if X ^ fv(u) r^v 


Sk.kt 


= t if fc ^ fv(f) 


5 elim 



Fig. 3: Axiomatization of Xs 



Proposition 1. We have {\x.t)v ~ t{v/x}, {E[Sk.t]) « {t{Xx.{E[x]) /k}) , and 
{v) « V. 

Proof. These are direct consequences of the fact that ^> C « (Lemma [3]). □ 
Proposition 2. If x ^ fv(?j), then Xx.v x ^ v. 

Proof. We prove that TZ — {{Xx.{Xy.t) x, Xy.t),x ^ fv(t)}U w is a bisimulation. 
To this end, we have to check that Xx.{Xy.t)x ^ {Xy.t)vo is matched by Xy.t 
t{vo/y}, i.e., that {Xy.t) vq TZ t{vo/y} holds for all vq. We have (Xy.t) vq ^• 
t{vQ/y}, and because ^ C ?» C 7^, we have the required result. □ 

Proposition 3. We have Sk.{t) « Sk.t. 

Proof Let 7^ = {{{{t}), (t))}. We prove that {{Sk.{t),Sk.t)}U U \J I is & big- 
step bisimulation. The transition Sk.{t) {{t{Xx.{E[x]) /k})) is matched by 
Sk.t {t{Xx.{E[x])/k}), and conversely. Let {{t)) TZ (<). It is straightforward 
to check that {{t)) ^ v iS t =^ v iS (t) ^ v. Therefore, any ^ transition from 
{{t}) is matched by (t), and conversely. If {t) ^ t' , then t' is a value or t' = (t") 
for some t"; consequently, neither (t) nor {{t)) can perform a transition. □ 

Proposition 4. M^e /laue ((Ax. to) (^i)) ~ {Xx.{to)) (ti). 

Proof. We prove that {(((Ax. to) (ti)), (Ax. (to)) (ti))}U I is a big-step bisimula- 
tion. A transition ((Ax. to) (ti)) ^ t' (with a 7^ r) is possible only if (ti) evaluates 
to some value v. In this case, we have ((Ax. to) (ti)) ^> ((Ax. to) w) A (to{v/x}) 
and (Ax.(to))(ti) ^ (to{u/x}). From this, it is easy to see that ((Ax. to) (ti)) ^ t' 
(with a ^ r) implies (Ax. (to)) (ti) =4> t', and conversely. □ 

Proposition 5. If x ^ fv(i?),, t/ien (Ax.£'[x]) t w £'[t]. 

Proof (Sketch). The complete proof, quite technical, can be found in Appendix [Cl 
Let Eg be such that fv{Eo) — 0. Given two families of contexts (i?{)i, (-El)*; we 
write a-f" (resp. ^^^^^-^"[^1) ^j^g substitution mapping fc^ to Xy.{El[Eo[E2[y]]]) 
(resp. A?/.(i;{[(Ax.£;oN) £'2[2/]]))- We define 

TZi = {(f [(Ax.iJoH) t]ao^^-^"["l . . .a^-^°[-U[i?o[t]]ao^» . . .a,f»), 

fv(t,F) C {fco...fc„}} 
7e2 = {(tao^^-^"[^l...a^^"M,tao^»...af"),fv(t) C {fco...fc4} 
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and we prove that TZi U TZ2 is a bisimulation. The relation TZi contains the 
terms related by Proposition [S] The transitions from terms in TZi give terms 
in TZi, except if a capture happens in t; in this case, we obtain terms in TZ2- 
Similarly, most transitions from terms in TZ2 give terms in TZ2, except if a term 
Xy.{El[Eo[E^[y]]]) (resp. Xy.{El[{Xx.Eo[x]) E^[y]])) is applied to a value (i.e., if 
t = F[ki v]). In this case, the /3-reduction generates terms in TZi. □ 

4.3 Bisimilarity and CPS Equivalence 

In Section l42l we have considered all the axioms of Fig. [Sj except S elim. The 
terms Sk.k t (with k ^ fv(t)) and t are not bisimilar in general, as we can see in 
the following result. 

Proposition 6. We have Sk.k v ^ v. 

The transition from Sk.k v cannot be matched by v. In terms of contextual 
equivalence, it is not possible to equate a stuck term and a value (it is also forbid- 
den by the relation «J of Section [O)) . The CPS equivalence cannot distinguish 
between stuck terms and values, because the CPS translation turns all Xs terms 
into A-calculus terms of the form Xkik2.t, where fci is the continuation up to 
the first enclosing reset, and ^2 is the continuation beyond this reset. Therefore, 
the CPS translation (and CPS equivalence) assumes that there is always an en- 
closing reset, while contextual equivalence does not. To be in accordance with 
CPS, the contextual equivalence should be changed, so that it tests terms only in 
contexts with an outermost delimiter. We conjecture that the CPS equivalence 
is included in such a modified contextual equivalence. Note that stuck terms can 
no longer be observed in such modified relation, because a term within a reset 
cannot become stuck (see the proof of Proposition[3]). Therefore, the bisimilarity 
of this article is too discriminative w.r.t. to this modified equivalence, and a new 
complete bisimilarity has to be found. 

Conversely, there exist bisimilar terms that are not CPS equivalent: 

Proposition 7. 1. We have fl k, QQ, hut fl and flfl are not CPS equivalent. 
2. Let — 06, where 9 = Xxy.y (Xz.x x y z), and A = Xx.5x 5^, where 5x = 
Xy.x {Xz.y y z). We have O k, A, hut and A are not CPS equivalent. 

Contextual equivalence puts all diverging terms in one equivalence class, while 
CPS equivalence is more discriminating. Furthermore, as is usual with equational 
theories for A-calculi, CPS equivalence is not strong enough to equate Turing's 
and Curry's (call-by-value) fixed point combinators. 

5 Conclusion 

In this article, we propose a first study of the behavioral theory of a A-calculus 
with delimited-control operators. We discuss various definitions of contextual 
equivalence, and we define an LTS-based applicative bisimilarity which is sound 
and complete w.r.t. the chosen contextual equivalence. Finally, we point out some 
differences between bisimilarity and CPS equivalence. We believe this work can 
be pursued in the following directions. 
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Up-to techniques. Up-to techniques |23I13I22] have been introduced to simphfy 
the use of bisimulation in proofs of program equivalences. The idea is to prove 
terms equivalences using relations that are usually not bisimulations, but are 
included in bisimulations. The validity of some applicative bisimilarities up-to 
context remains an open problem in the A-calculus |13| : nevertheless, we want to 
see if some up-to techniques can be applied to the bisimulations of this article. 

Other forms of bisimilarity. Applicative bisimilarity is simpler to prove than 
contextual equivalence, but its definition still involves some quantification over 
values and pure contexts in labels. Normal bisimilarities are easier to use be- 
cause their definitions do not feature such quantification. Lassen has developed 
a notion of normal bisimilarity, sound in various A-calculi 114115116] . and also 
complete in the A/i-calculus with state It would be interesting to see if 
this equivalence can be defined in a calculus with delimited control, and if it is 
complete in this setting. Another kind of equivalence worth exploring is envi- 
ronmental bisimilarity 22J. 

Other calculi with control. Defining an applicative bisimilarity for the call-by- 
name variant of A5 and for the hierarchy of delimited-control operators [7] should 
be straightforward. We plan to investigate applicative bisimilarities for a typed 
A5 as well [3] . The problem seems more complex in calculi with abortive opera- 
tors, such as call/cc. Because there is no delimiter for capture, these languages 
are not compositional (i.e., t ->v t' does not imply E[t] — >v which makes 

the definition of a compositional LTS more difficult. 

Acknowledgments: We thank Malgorzata Biernacka, Daniel Hirschkoff, Damien 
Pous, and the anonymous referees for many helpful comments on the presenta- 
tion of this work. 
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A Contextual Equivalence 

We prove the result admitted in Section 12.31 

Lemma 8. Let tp = [Sk.Xx.x) f2. Let t be such that x is the only free variable 
oft. Ift{tQ/x} -IJ-v VQj then there exists v such that vq — v{to/x}, and for all ti, 
we have t{ti/x} JJ-v v{ti/x}. 

Proof. We proceed by induction on the number n of reduction steps in t{to /x} ij-v 
Vq. li n — 0, then t is a value, and the result is obvious. For n > 0, we have 
t{to/x} -^v t' JJ-v Vq- By case analysis on the reduction t{to/x} — >v t', we can 
see that t' can be written t"{tQ/x}. In particular, the reduction F[{tQ)] -^^ 
F[{{Xx.{x Q)) {\x.x))] is not possible, because otherwise t' would diverge. By 
induction hypothesis, there exists v such that vq — v{tQ/x}, and for all ti, we 
have t"{ti/x} J|v v{ti/x}. Therefore, t{ti/x} J|v v{ti/x} holds, as wished. □ 



B Bisimilarity 

B.l Labelled Transition System 

Lemma 9. If t t' , then there exist E' , k, and s such that t = E'[Sk.s\ and 
t' = {s{Xx.{E[E'[x]])/k}). 

Proof. By induction on t ^ t' . Suppose we have Sk.s s{Xx.{E[x]) /k}; the 

result is obvious. Suppose we have t = vto and to " ^> t' . By induction hypoth- 
esis there exists E' , s such that = E'[Sk.s\ and t' — {s{\x.{{v E)[E' [x]]) / k}) . 
Therefore we have v t^ = v E'[Sk.s], and t' = {s{\x.{E[{v E' [x])]) / k}) , as re- 
quired. The other cases are treated similarly. □ 

Lemma 10 (Lemma [3] in the article). The following holds: 

— We have 

— Ift-^ t', then t is a stuck term, and {E[t]) — > t' . 

— If t ^ t' , then t is a value, and tv ^ t' . 

Proof. For the first result, the only difficult transition to check is the capture 

by shift. If {t) ^ t' with t t', then by Lemma IHl there exists E, s such that 
t^E[Sk.s] andt' ^ {s{Xx.{E[x]) /k}). We have {E [Sk.s]) {s{Xx.{E[x]) /k}), 
as wished. Conversely, if F[{E[Sk.s])] — !>v F[{s{Xx.{E[x])/k})], then one can 
check that F[{E[Sk.s])] A F[{s{Xx.{E[x])/k})] holds by induction on F. 

For the second result, by Lemma [SI there exist E' , k and s such that t — 
E'[Sk.s] and t' = {s{Xx.{E[E'[x]])/k}). The term t is stuck by LemmaE We 
can also easily check that {E[t]) = {E[E'[Sk.s]]) A {s{Xx.{E[E'[x]])/k}) holds. 

For the last result, by looking at the LTS, it is easy to see that t must be a 
value Xx.s, and t' — s{v/x}, and tv ^ t' . □ 
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B.2 Howe's method 



Lemma 11. If to ti, then there exists a substitution a which closes to and 
ti such that t^a {k,*Y ti^^j o,'>^d the size of the derivation of t^a («')'^ tia is 
equal to the size of the derivation of to ti. 

Proof. By induction on to ti. Suppose we have ~° ^i- Let cr be a substi- 
tution which closes to and ti; we have toa «° tia. The remaining cases are easy 
using induction. □ 

Lemma 12. Let t be a closed term. If t ^ t' , then for all a (m'Y a' , there 
exists t" such that t ^ t" and t' t" . 

Proof. By induction on t ^ t' . □ 
Lemma 13. IfXx.to (w*)^ Xx.ti andvo («*)^ vi thento{vo/x} («')^ ti{vi/x}. 

Proof. By induction on Xx.to («*)^ Xx.ti. 

Suppose Ax. to ~ Xx.ti. We have Xx.to to{vo/x}, so by Lemma [T^ there 
exists such that Xx.to — t'o and to{vo/x} t'o. By bisimilarity, there exists t'^ 
such that Xx.ti t[ and « t'^. The only possible outcome is t[ = ti{vi/x}, 
therefore we have to{vo/x} ti{vi/x}. Because the considered terms are 

closed, we have the required result. 

Suppose Xx.to Xx.ti. The result can easily be proved using induction 

and a similar reasoning as in the first case. 

Suppose Xx.to ~* Xx.ti. Then we have to ~' ii; therefore, by Lemma [51 we 
have to{vo/x} ti{vi/x}, as required. □ 

Lemma 14. If vo ti, then there exists vi such that ti ^ vi and vo 

Vi. 

Proof. By induction on vo ti. 

Suppose Wo ~ ti. Let vo = Xx.to; for all v, we have vo — > to{v/x}. By 
bisimilarity, there exists t\ such that vo ^ t"^ and to{v/x} w t\. Therefore there 
exists vi = Xx.t[ such that ti ^ vi ^ t[{v/x} and to{v/x} w t[{v/x}. Because 
this holds for all v, we have to ~° t[, therefore we have to ~' t[. From this 
observation, we deduce Xx.to (~*)^ Xx.t[, as wished. 

The case vo w*« ti relies on induction and a similar reasoning as in the 
first case. Suppose vo ~* ti. Let vo — Xx.to', we have ti — Xx.t'i with to ~' i'l- 
Because is a congruence, we have Xx.to ~' Xx.t[, as wished. □ 

Lemma 15. If Eo ~' Ei and to ~' ti then Eo[to] ~' Ei[ti]. 

Proof. By induction on Eo □ 

Lemma 16 (Lemma [Y] in the article). If to ti and to t'o, then for 

all a [oi'Y a' , there exists t\ such that ti ^ t\ and t'o (w*)^ t'-^. 
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Proof. By induction on the size of the derivation of <o {^'Y ii- 

If to Ri° ti, then we have Iq w ti because we work with closed terms. By 
Lemma [T2l there exists such that to ^^^^ (w*)^ tp. By bisimilarity, 

there exists t[ such that ti ^ t'^ and w (i.e., w° t'^ because the terms 
are closed). Therefore we have t'^, i.e., (w*)'^ t'^, as required. 

If to ^2 ~° ^1, then by Lemma [TTl there exists cr such that tga (w*)'^ t2(J 
and the size of the derivation of tga {fti'Y ^20" is the same as for (~')'^ ^2- Be- 
cause ^0 and are closed, and by definition of we have in fact to (w*)'^ t2(T « 

ti. By induction hypothesis, there exists t'2 such that t2<7 t'2 and (w*)"^ 

By bisimilarity, there exists t[ such that ti ^ t'j^ and t'2 ~ t[ (i.e., t'2 ~° t'^ 
because the terms are closed). Therefore we have t'o (Ri*)'^fti° t'^, i.e., (sa*)"^ t'l, 
as required. 

If to ~* ti, then we distinguish several cases, depending on the outermost 
operator. 

Suppose to = Xx.so and ti — Xx.si with sq ~* si. The only possible 

transition is ~^ so{v/x}. We have ti ^ si{u'/a;}- By Lemma [SJ we have 
so{v/x} si{v' /x}, and because a; is the only free variable of sq and si, we 
have so{v/x} {Ki*y si{v' /x}, as required. 

Suppose to — Sk.so and ti = Sk.si with sq ~* si. The only possible tran- 
sition is to {so{Xx.{E[x]) /k}). We have ti {si{Xx.{E'[x])/k}). Because 
«* is a congruence and by Lemma [T5l we have Xx.{E[x]) (w*)'^ Ax.(i?'[x]). 
Therefore, by Lemma[6l we have {so{Xx.{E[x]) /k}) «* si{Xx.{E'[x]) /k}, and 
because k is the only free variable of so and si, we have {so{Xx.{E[x]) / k}) (w*)'^ 
(si{Aj:.(i?'[a:])/fc}), as required. 

Suppose ^0 = (Ax. So) vo and ti — t\ t\ with Acc.sq (k,*Y i\ and uq (w')^ tf. 
The only possible transition is to so{uo/2;}. By Lemma [HI there exists Ax.Si, 
Vi such that t\ ^ Aa;.si, t\ ^ wi, A.t.sq [k,*Y Ax.Si, and uq (~')'^ wi. From 
t\ =5> Acc.si and vi, we can deduce ti ^ si{z;i/a;}, and from Ax.sq {'^*Y 

Xx.Si and ^o (~*)^ ui, we have so{wo/a;} «* Si{vi/a;} by Lemma [T3l Hence, we 
have the required result. 

Suppose to — Vo So and <i = t\ si with vo {~*Y ^1 and so (~*Y si. The only 
possible transition is to — > wo Sqi where so — > Sq. By Lemma |14[ there exists vi 
such that t\ ^ vi and vo {~'Y ^i- ^y induction hypothesis, there exists s'^ such 
that si ^ s'j and si {^i'Y s'l- Therefore we have ti ^ vi s'^, and because (w*)'^ 
is a congruence, we have vo Sq (w')^ vi s'^, hence the result holds. 

Suppose to = tl tl and ti = i} tl with («•)= and tl («•)'= ^he only 
possible transition is to to t^^ where t\ ^ t^. By induction, there exists t]' 
such that t\ ^ t^ and ij' (w*)'^ t]' . Therefore we have ti ^ t]' t\, and because 
(«*)'= is a congruence, we have tj' to (~*)'^ ^i' t\, hence the result holds. The 
case to — (so), where Sq is not a value, is treated similarly. 
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Suppose io = (''^o) and^i = (si) with wq (~')^ si. The only possible transition 
is to — > vo- By Lemma 1141 there exists vi such that si ^ wi and uq (w*)'^ t^i. 
We have ti ^ vi, with vq (m'y vi, hence the result holds. □ 

Lemma 17. The relation ((w*)"^)* is a bisimulation. 

Proof. We know that ((~')^)* is symmetric by Lemma |B1 so it is enough to 
prove that ((w*)"^)* is a simulation. Let to((~*)'^)*^i; there exists an integer k 
such that to {{oi'Y)'^ ti. Let (io)iG{i...fc} be the terms such that {^'Y i^'T 
t^. . . tg^^ (Ki'Y t^ = ti. Let to A ^Q. We prove by induction on i g 1 . . . fc that 
there exists t^ such that ig ^ t^' and ((~')^)* ^o'- Suppose i = 1. We have 
a a so by Lemma [TBI there exists ij' such that =4' ij' and (~')'^ ifj', 

as wished. The case 1 < i < fc is easy by induction. In particular, for i = k, 
we have ti = t^ =^ ^o((~')^)'^*o ■ We have the required result because 

c ii^-yr. □ 

Theorem 5 (Theorem [2] in the article). M/'e have paCw^,. 

Proof. Let tg w ti, and C a context. Because « is a congruence, we have C[tg] w 
C[ti]. If C[tg] -IJ-v vo: then we have C[to] =5> ug A; by bisimilarity, there exists 
Vi such that C[ti\ ^ vi A, therefore we have C[ti] JJ-v vi- The reasoning is the 
same if C[tg] JJ-v tg, where t'g is stuck, and for the evaluations of C[ti]. □ 

B.3 Completeness 

Theorem 6 (Theorem [3] in the article). We have C w. 

Proof. Because is symmetric, it is enough to prove that «c is a big-step 
simulation. Let to ~c ^i- We have two cases to consider. 

Suppose to t'o- Then we have to JJ-v vo for some wg. By definition of Wc, there 
exists vi such that ti JJ-v wi. Therefore, we have ti ^ t'j^ for some t[ and tgw ^ tg 
and ti V ^ t'l by Lemma [TUl Hence, we have ig u w ig and ti v ^ t'l by Lemma 
m Because to ~c ^i, we have to v «c v. Finally, we have tg w tg w v ~ 
and ig «c by Theorem [S] and transitivity of 

Suppose to ^ ig- Then we have to JJ-v ig for some tg. By definition of ~c, 
there exists t'/ such that ti JJ-v . Therefore, by definition of the LTS, we have 

ti 4> t[ for some t[. We then have {E[to]) ^ tg and {E[ti]) ^ t'^ by Lemma [TUl 
Hence, we have {E[to]) ~ ig and ~ i'l by Lemma [H Because to «c ti, 

we have (£^[to]) «c {E[ti]). Finally, we have if, w (-^[tg]) «c (-£^[^1]) » t[, and, 
therefore we have tg i'l by Theorem |S] and transitivity of «e- n 

C Proof of Proposition [5] 

Proof. Let i?o be such that fv(i?o) = 0. We let erf" (resp. ^j^^-^"^^^'^ range over 
substitutions mapping ki to Ay.(i?{[i?o[ii'2[2/]]]) (resp. Xy.{El[{Xx.Eo[x]) E2[y]])) 
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for some fixed E^, E^- We define 

Ht.F) C {fco...A;„}} 

and we prove that TZi U 7?.2 is a bisimulation. First, let to T^i ti with to = 
F[(Ax.SoN) t]ao"-^'''"l...a^"-^''I"l and h = . . . " ; we consider 

the possible transitions from to- 

- If t A t', then to ^ t^, = F[{\x.Eo [x])*']^^^" ''''!^! . . . a^^-^'-M and ti A t'l = 
F[Eo[t']]a^" . . . af". We still have tf, 7^l t'l. 

- If t is a value v, then to ^ to = F [So M ] ^ ' ct^""'^'''''' (with rule 
(|3v)), and ti = F[Eo[v\]a^'' . . .erf". We have tj. Tea ti. 

- If t is a stuck term, then wc have two possibilities. If F contains a reset, then 
the shift in t can capture the context up to this delimiter, resulting in to — > 
t'o = F'[t'{Xy.{E,[{Xx.Eo[x]) E2[y]])/kn+i}]af"^''l..a^''-''"^''^ and h ^ 
t[ = F'[t'{Xy.{Ei[Eo[E2[y]]])/kn+i}](TQ'> . . .af". Otherwise, t can capture F, 

giving to A t^, = t'{Ay.(i?i[(Ax.i?oN)i?2[y]])/fc„+i}ao^"''"'"^..a^"-''''["^ 
and similarly ti A t^ = t'{Xy.{Ei[Eo[E2[y]]]) /kn+i}ao" . . . . In both 

cases, wc have tg 7?,2 t'j^. 

Conversely, one can check that the transitions from ti are matched by to- Now, 
we consider to 112 ti with to = tao'' '^'''''' • • • o-^^-^"'''' and h = ta^" . . . af". We 
enumerate the possible transitions from to- 

- If t ^ t', then to ^ t^, = tV^" ''''!"! . . . and h ^ A = ^'4" • • • 
Wc still have t^, 112 t[. 

- Suppose t = i^[(Az.t') ki]. Then, using rule (|3v), we have the transitions 

to ^ t'o = F[t'{Xy.{Ei[{Xx.Eo[x]) i;|[y]])/4]^o • • • a^"-"""'"' and h ^ 
t[ = F[f'{Xy.{El[Eo[E^[y]]])/z}]ag'' . .. af" . The terms tf, and ti can be writ- 
ten F[t'{h/z}]ao''-'^"^'''^ . . . CT^^-^"!^! and F[t'{ki/z}]al^'' . . . " , therefore we 
have to 7^2 t[. The reasoning is the same if t = F[{ki)]. 

- If t = F[ki v], then to A t^, = F[{Ei[{Xx.Eo [x]) £;|M])]^o" • • • a^"-'''''"^ 
and ti ^ t[ = F[{Ei[Eo[El[v]]])]a^'' . . . af". We have t(, TZi t[. 

Conversely, one can check that the transitions from ti are matched by to- Finally, 
TZi U 7^2 is a bisimulation, as wished. □ 
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